This guide will show an administrator how to identify emails that have been detected by Microsoft scanning too possibly have non-reputable URLs.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
O365 Security Identify Suspicious URLs
- Navigate to the Threat Explorer – Microsoft Defender portal, locate and select All Email.
- With all email selected, we will specify search parameters. Click into the Date box and set it to the desired timeline, 7 days recommended. On the next dropdown, find and select the URL Threat drop down. Finally, for the types to show select Malware, Phish, Spam. After setting all of the parameters, click Refresh.
- Click into a message that requires investigation. Scroll down the URLs section. Since a URL was included in the email, it will be listed. Rating such as Phishing, Spam, or Malware indicate that the URL was found to be suspicious, and action may need to be taken to allow delivery due depending on the delivery action that was taken.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.